SkullLocker Ransomware

During the examination of malware samples, a new variant of ransomware was discovered by infosec researchers. The ransomware, named SkullLocker, operates by encrypting files, appending the '.skull' extension to the filenames, and creating a ransom note named 'read_it.txt.' The threat is confirmed to be based on the Chaos Ransomware family of threats.

An example of how SkullLocker Ransomware operates is by changing the filenames of the encrypted files. For instance, a file named '1.png' would be renamed to '1.png.skull,' and a file named '2.doc' would be renamed to '2.doc.skull,' and so on.

The SkullLocker Ransomware can Cause Significant Damage to Infected Devices

The SkullLocker Ransomware, after encrypting the victim's files, displays a ransom note in Polish that informs them about the situation. The note explains that the files have been encrypted by the SkullLocker Ransomware, and the only way to regain access to them is by paying the ransom amount within 72 hours. The note also warns that failure to pay the ransom within the given time will lead to permanent loss of data.

The ransom note provides a website address where the victims can obtain more information on how to pay the ransom and recover their files. The victims are explicitly instructed not to attempt to remove the ransomware or recover the damaged data using security software, as this may cause permanent damage to the files.

Taking Appropriate Security Measures against Threats Like the SkullLocker Ransomware is Crucial

Users can protect their devices from ransomware threats by implementing a multi-layered security approach. Firstly, users should ensure that their operating systems, software, and security solutions are up to date with the latest patches and updates. They also should exercise caution when downloading email attachments, clicking on links, or downloading files from untrusted sources.

Secondly, users should regularly back up their critical data to an offline or cloud-based storage location. This way, if their device is infected with ransomware, they can restore their data without having to pay the ransom amount.

Thirdly, users should exercise caution when browsing the Internet and refrain from visiting suspicious or potentially malicious websites. It is also advisable to use a reputable anti-malware solution that can detect and block ransomware before it infects the device.

Finally, users should be aware of common ransomware attack methods, such as phishing emails, social engineering tactics, and fake software updates. Being aware of these tactics and staying vigilant can help users avoid falling victim to ransomware attacks.

The ransom message left to the victims of SkullLocker Ransomware is:

'Witaj,

Twoje pliki zostały zaszyfrowane przez SkullLocker ransomware. Aby odzyskać dostęp do nich, musisz zapłacić okup w ciągu 72 godzin. W przeciwnym razie dane zostaną trwale utracone.

Aby uzyskać więcej informacji na temat sposobu zapłaty okupu i odzyskiwania plików, przejdź na stronę internetową podaną poniżej.

U6cQ2nV4KzL3H8jxSdGhTfMlR0N1wX7eJbO9mZyIaP5pgqWvEoBkYtAxDsFi.onion

Jeśli masz jakiekolwiek pytania, możesz skontaktować się z nami za pomocą adresu e-mail [adres e-mail].

Nie próbuj usuwać programu ransomware ani próbować odzyskać danych za pomocą oprogramowania antywirusowego. Może to spowodować trwałe uszkodzenie Twoich plików.

Pamiętaj, że czas jest kluczowy. Im dłużej zwlekasz, tym mniejsze szanse na odzyskanie Twoich plików.

Pozdrawiamy,
Zespół ransomware'